Security/ windows · security · zero-day · vulnerability

Windows Zero-Day Lets Low-Privilege Accounts Hijack Admins

A researcher dropped working exploit code the same day Microsoft pushed its largest-ever Patch Tuesday, targeting the Windows User Profile Service.

A researcher published a working Windows privilege-escalation exploit on the same day Microsoft shipped a record number of security patches.

The exploit, called HiveLegacy, targets a vulnerability in the Windows User Profile Service. It lets a low-privilege account modify an administrator's classes registry hive — the part of the registry that controls which application opens a given file type in Windows Explorer. Multiple researchers confirmed the proof-of-concept works. The anonymous researcher behind it, who goes by NightmareEclypse, says they stripped the code down to limit its usefulness to attackers, but described the underlying flaw as a "pretty powerful primitive." This is the ninth such exploit NightmareEclypse has published, each time citing frustration with how Microsoft handles their bug reports.

The timing is the story. Microsoft just completed what appears to be its largest-ever Patch Tuesday, and a public, confirmed exploit dropped the same afternoon — meaning defenders are already behind before they finish deploying this month's fixes. Privilege-escalation bugs like this one are high-value for attackers because they turn a foothold into full control, often without triggering obvious alerts.

NightmareEclypse has now released nine exploits under what looks like a sustained pressure campaign against Microsoft's vulnerability disclosure process — a reminder that how a company treats security researchers has consequences that land directly on its customers.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →